[krbdev.mit.edu #8480] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Fri Sep 2 17:04:35 EDT 2016
Fix GSSRPC server credential memory leak
In svc_auth_gss.c, stop using the global svcauth_gss_creds, and
instead keep a credential in struct svc_rpc_gss_data. This change
ensures that the same credential is used for each accept_sec_context
call for a particular context, and ensures that the credential is
freed when the authentication data is destroyed. Also, do not acquire
a credential when the default name is used (as it is in kadmind) as it
is not needed.
Leave the svcauth_gss_creds around for the backportable fix as it is
in the library export list. It will be removed in a subsequent
commit.
(cherry picked from commit 670d9828086e979d5cdfd26f00ca88958a03754e)
https://github.com/krb5/krb5/commit/c18aa9999690ea674cdf73d5d5f9a6a0353198de
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: c18aa9999690ea674cdf73d5d5f9a6a0353198de
Branch: krb5-1.14
src/lib/rpc/svc_auth_gss.c | 40 ++++++++++++++--------------------------
1 files changed, 14 insertions(+), 26 deletions(-)
More information about the krb5-bugs
mailing list